CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Credential theft campaign PCPJack leverages five CVEs for cloud propagation and eviction of TeamPCP artifacts

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

PCPJack continues to propagate as a worm-like credential theft framework across Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, now confirmed to deliberately evict TeamPCP artifacts before executing its payload. The framework remains attributed to a former TeamPCP operator leveraging intimate knowledge of the group’s tooling, with targeting patterns mirroring TeamPCP’s early campaigns from December 2025. Unlike TeamPCP’s earlier operations, PCPJack avoids cryptocurrency mining despite targeting crypto credentials, focusing instead on monetization via credential theft, fraud, spam, extortion, or resale. SentinelLabs analysis indicates PCPJack’s orchestrator script (worm.py) uses Telegram for C2 and propagates via Common Crawl parquet files, while a secondary shell script (check.sh) deploys Sliver-based backdoors across x86_64, x86, and ARM architectures and scans cloud environments for credentials tied to multiple service providers.

Timeline

  1. 07.05.2026 20:45 3 articles · 1d ago

    Emergence of PCPJack credential stealer with worm-like cloud propagation and TeamPCP eviction tactics

    SentinelLabs analysis confirms PCPJack deliberately removes all artifacts associated with TeamPCP before deploying its credential theft operations. This eviction tactic, combined with targeting similarities to TeamPCP’s early campaigns (December 2025), strengthens attribution to a former operator deeply familiar with the group’s tooling. Unlike prior TeamPCP campaigns, PCPJack avoids cryptocurrency mining despite targeting crypto credentials, focusing monetization on credential theft, fraud, spam, extortion, or resale. Researchers highlight TeamPCP’s recent supply chain compromises, including the compromise of GitHub Actions for Aqua Security’s Trivy vulnerability scanner to deliver infostealer malware to downstream users such as LiteLLM.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

CloudZ RAT abuses Microsoft Phone Link via Pheno plugin for credential and OTP theft

Since at least January 2026, threat actors have abused the CloudZ RAT and custom Pheno plugin to hijack Microsoft Phone Link on Windows hosts, enabling credential and OTP theft by intercepting synchronized mobile data without mobile device compromise. The attack chain begins with a fake ScreenConnect executable delivering a Rust-compiled loader that deploys CloudZ via regasm.exe, establishing persistence via a scheduled task under the SYSTEM account. CloudZ includes 20+ commands for data theft and system control, while the Pheno plugin scans for active Phone Link sessions to harvest synchronized content from SQLite databases like PhoneExperiences-*.db. Cisco Talos has published IOCs and ClamAV signatures to aid detection. The intrusion leverages Phone Link’s desktop synchronization of SMS, call logs, and notifications over Wi-Fi/Bluetooth, exposing a critical gap in MFA defenses that focus solely on mobile endpoints. The malware employs anti-analysis techniques and retrieves secondary configuration from staging servers and Pastebin, rotating user-agent strings to blend with legitimate traffic. No attribution to a known threat actor has been made.

Open in new tab

Cross-Platform Supply Chain Attack Expands with Mini Shai-Hulud Malware via PyPI and npm Ecosystems

A coordinated supply chain attack involving the "Mini Shai-Hulud" credential-stealing malware has expanded beyond npm to compromise the PyPI ecosystem, targeting the popular Python package Lightning with versions 2.6.2 and 2.6.3. The attack introduces a hidden _runtime directory containing a downloader and obfuscated JavaScript payload that executes automatically upon module import, using the Bun runtime to run an 11 MB malicious payload (router_runtime.js) for credential harvesting. The malware validates harvested GitHub tokens via api.github[.]com/user and injects a worm-like payload across up to 50 branches in accessible repositories, with commits authored to impersonate Anthropic's Claude Code. It also implements an npm-based propagation vector using postinstall hooks to spread to downstream users, mirroring techniques used in prior TeamPCP operations. Additional compromises include version 7.0.4 of intercom-client on PyPI, further aligning with the Mini Shai-Hulud campaign's modus operandi. The maintainers of Lightning acknowledged the incident while investigating a suspected compromise of their GitHub account. The attack is assessed as an extension of the Mini Shai-Hulud campaign, with TeamPCP identified as the likely threat actor based on shared technical details and recent operational activity, including the launch of an onion website following suspension from X. The compromised SAP npm packages ([email protected], @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected]) were published on April 29, 2026, between 09:55–12:14 UTC, each including malicious preinstall hooks that downloaded the Bun runtime from GitHub Releases and executed a heavily obfuscated execution.js payload. The payload harvested and encrypted developer and cloud secrets, exfiltrating them to attacker-controlled GitHub repositories labeled "A Mini Shai-Hulud has Appeared", while self-propagating via GitHub Actions workflow injection and abusing AI tool configurations (VS Code and Claude Code) for persistence. Additional exfiltration techniques included a Python-based memory scanner targeting CI runner secrets and a dead-drop mechanism leveraging GitHub commit searches for base64-encoded GitHub tokens.

Open in new tab

VECT 2.0 Ransomware Operation Degrades to Irreversible Data Destruction Due to Critical Encryption Flaw

VECT 2.0 ransomware has been confirmed as an irreversible data wiper due to a critical nonce-handling flaw that discards decryption metadata for 75% of affected files, ensuring recovery is impossible regardless of ransom payment. This flaw, inherent to the ChaCha20-IETF encryption scheme, encrypts four independent chunks per large file but only stores the final 12-byte nonce on disk, discarding the first three nonces required for decryption. The operation, structured as a ransomware-as-a-service scheme with a $250 Monero affiliate fee (waived for Commonwealth of Independent States actors), originated on a Russian-language cybercrime forum in December 2025 before being detected by security researchers in early January 2026. VECT 2.0 rapidly expanded through partnerships with BreachForums and TeamPCP, the latter of which provides access to victims compromised in recent supply-chain attacks. Analysts emphasize that negotiating with actors offers no path to file recovery and that the malware's threshold of 128KB ensures nearly all enterprise and user files are targeted. Additional analysis revealed multiple implementation flaws beyond the encryption flaw, including faulty obfuscation, unreachable anti-analysis code, and performance-degrading scheduler bugs. Organizations are advised to prioritize prevention through employee training, EDR monitoring, offline immutable backups, and strict access controls, particularly for ESXi environments.

Open in new tab

Ongoing Ghost Cluster Targets npm and GitHub in Multi-Stage Credential and Crypto Wallet Theft Campaign

A coordinated campaign tracked as Ghost continues to target developers via malicious npm packages and GitHub repositories to deploy credential stealers and cryptocurrency wallet harvesters. The operation leverages social engineering and multi-stage infection chains, including fake installation wizards that request sudo/administrator privileges and deceptive npm logs simulating dependency downloads and progress indicators. Stolen data—including browser credentials, crypto wallets, SSH keys, and cloud tokens—is exfiltrated to Telegram channels and BSC smart contracts. The campaign employs a dual monetization model combining credential theft via Telegram channels with affiliate link redirections stored in a BSC smart contract. Malicious npm packages first appeared under the user 'mikilanjijo', with operations beginning as early as February 2026 and expanding to at least 11 packages such as react-performance-suite and react-query-core-utils. The final payload is a remote access trojan that downloads from Telegram channels, decrypts using externally retrieved keys, and executes locally using stolen sudo passwords to harvest credentials and deploy GhostLoader.

Open in new tab

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Supply chain compromise in the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, now expanding to additional open-source ecosystems and involving multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) and Cisco confirming collaboration and horizontal movement across cloud environments. A new npm supply chain malware campaign discovered on April 24, 2026, shows self-propagating worm-like behavior via @automagik/genie and pgserve packages, stealing credentials and spreading across developer ecosystems while using Internet Computer Protocol (ICP) canisters for command and control. The malware shares technical similarities with prior TeamPCP campaigns, including post-install scripts and canister-based infrastructure, potentially indicating ongoing evolution of the threat actor's tactics or a new campaign leveraging established infrastructure. The Axios NPM package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with attribution disputes suggesting either TeamPCP involvement or North Korean actor UNC1069 (Google's Threat Intelligence Group). Cisco's internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories including proprietary AI product code and customer data from banks, BPOs, and US government agencies. Multiple AWS keys were abused across a subset of Cisco's cloud accounts, with multiple threat actors participating in the breach.

Open in new tab